Ethical Hacking News Hubb
Advertisement Banner
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Ethical Hackers

Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers

admin by admin
August 30, 2022
in Ethical Hackers


As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems.

“The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, such as the SystemBC trojan and DCRat, to enable various stages of their operations,” Cisco Talos researcher Vanja Svajcer said in a report shared with The Hacker News.

CyberSecurity

The malicious implant in question, ModernLoader, is designed to provide attackers with remote control over the victim’s machine, which enables the adversaries to deploy additional malware, steal sensitive information, or even ensnare the computer in a botnet.

Cisco Talos attributed the infections to a previously undocumented but Russian-speaking threat actor, citing the use of off-the-shelf tools. Potential targets included Eastern European users in Bulgaria, Poland, Hungary, and Russia.

Infection chains discovered by the cybersecurity firm involve attempts to compromise vulnerable web applications like WordPress and CPanel to distribute the malware by means of files that masquerade as fake Amazon gift cards.

Stealers, Cryptominers and RATs

The first stage payload is a HTML Application (HTA) file that runs a PowerShell script hosted on the command-and-control (C2) server to initiate the deployment of intertim payloads that ultimately inject the malware using a technique called process hollowing.

Described as a simple .NET remote access trojan, ModernLoader (aka Avatar bot) is equipped with features to gather system information, execute arbitrary commands, or download and run a file from the C2 server, allowing the adversary to alter the modules in real-time.

CyberSecurity

Cisco’s investigation also unearthed two earlier campaigns in March 2022 with similar modus operandi that leverage ModerLoader as the primary malware C2 communications and serve additional malware, including XMRig, RedLine Stealer, SystemBC, DCRat, and a Discord token stealer, among others.

“These campaigns portray an actor experimenting with different technology,” Svajcer said. “The usage of ready-made tools shows that the actor understands the TTPs required for a successful malware campaign but their technical skills are not developed enough to fully develop their own tools.”





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Erlik – Vulnerable Soap Service

Next Post

What does Google know about me?

Next Post

What does Google know about me?

Recommended

How to Watch Guilt Season 2 Online for Free

5 months ago

Surfshark vs Atlas VPN: Which wins?

4 months ago

© 2022 Ethical Hacking News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Ethical Hackers
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact

© 2022 Ethical Hacking News Hubb All rights reserved.